Legal

Privacy Policy

Last updated: January 1, 2025

No Data Selling

We never sell your personal data to third parties, advertisers, or data brokers.

Bank-Grade Encryption

All data is encrypted in transit (TLS 1.3) and at rest (AES-256).

GDPR Compliant

We comply with GDPR and respect all data subject rights including access and deletion.

Minimal Collection

We only collect data necessary to provide and improve our financial services.

1. What Data We Collect

Account data

Name, email address, phone number, country of residence, and account type (individual or business) collected during registration.

Application data

Financial information, employment details, income, business registration, and purpose of funds — collected only when you submit a loan, investment, or grant application.

Identity documents

Government-issued ID, proof of address, and proof of income — collected only for KYC verification on applications above $10,000.

Payment data

Payment method type and transaction reference. We do not store card numbers — payments are processed by Stripe, Flutterwave, and NOWPayments who handle PCI compliance.

Usage data

IP address, browser type, pages visited, and time on site — collected automatically for security and to improve our Platform.

2. How We Use Your Data

Service delivery

Processing your applications, verifying your identity, making credit decisions, and administering your account.

Communication

Sending application updates, OTP codes, account notifications, and responding to your inquiries. We do not send unsolicited marketing without explicit consent.

Legal compliance

Complying with anti-money laundering (AML), Know Your Customer (KYC), and international financial regulations.

Security

Detecting and preventing fraud, unauthorised access, and other harmful activities on our Platform.

Improvement

Understanding how users interact with the Platform to improve usability and services. Analytics data is aggregated and anonymised.

3. Data Sharing

We do not sell your data.

DST Global does not sell, rent, or trade personal data to any third party under any circumstances.

Legal requirements

We may disclose data to comply with legal obligations, court orders, or requests from regulatory authorities with jurisdiction over our operations.

Business transfers

In the event of a merger, acquisition, or sale of assets, user data may be transferred. Users will be notified before data is transferred and subject to a different privacy policy.

4. Data Security

Encryption

All data is transmitted over TLS 1.3 encrypted connections. Sensitive data is stored using AES-256 encryption at rest.

Access control

Only authorised personnel can access personal data, and only when required for their role. Access is logged and audited.

Row-level security

Our database enforces row-level security policies so each user can only access their own data. Even database administrators cannot access user data without leaving an audit trail.

Breach notification

In the event of a data breach affecting your personal data, we will notify you within 72 hours as required by GDPR.

5. Your Rights

Access

You have the right to request a copy of all personal data we hold about you. Submit a data access request via your account settings or email privacy@dstglobal.com.

Correction

You may update or correct your personal information at any time from your Profile page in the dashboard.

Deletion

You may request deletion of your account and personal data. Note that we may retain certain data for legal and regulatory compliance for up to 7 years.

Portability

You may request your data in a machine-readable format (JSON or CSV) at any time.

Objection

You may object to certain processing activities, including direct marketing. Contact us at privacy@dstglobal.com.

6. Data Retention

Account data

Retained for as long as your account is active, plus up to 3 years after account closure for legal compliance.

Application records

Loan, investment, and grant application records are retained for 7 years to comply with financial regulations.

Communication records

Emails and support tickets are retained for 3 years.

Usage logs

Server access logs are retained for 90 days for security monitoring, then automatically deleted.

7. Cookies

Necessary cookies

We use session cookies required for authentication and security. These cannot be disabled as they are essential to the Platform's operation.

Analytics cookies

We may use anonymised analytics cookies to understand usage patterns. You may opt out via the cookie consent banner shown on your first visit.

No advertising cookies

DST Global does not use advertising or tracking cookies. We do not allow third-party ad networks on our Platform.

Privacy Contact

For privacy-related inquiries, data access requests, or to exercise your rights under GDPR or applicable data protection law, contact our Data Protection Officer:

📧 privacy@dstglobal.com · DST Global Financial Services, London, UK

Last updated: January 1, 2025